Ransomware Paralyzes Democrats for Days

Ray Walsh

March 7, 2017

State Democrats in Pennsylvania were yesterday still locked out of their computers after being hit by ransomware on Friday. The cyberattack, which has completely locked top Pennsylvania state Democrats out of their machines, started on Friday morning. Three days later, the Democrats are still unable to access their network, including emails, because the ransom has not been paid.

So far, Senate Minority Leader Jay Costa, D-Allegheny, has refused to pass comment on the amount of money that is being demanded by the cyberattackers. What is known, is that the Democrats who have been locked out of the network are not keen on paying the cyberattacker, and are making a stand. Whether this decision will be reversed, nobody knows, but for now, they remain locked out of their system.

Not Keen to Pay up

Costa confirmed that they are attempting to restore access to the system without paying the ransom:

“Right now, we have no intention of dealing with the demand. At this point we’re not planning on paying any ransom.”

The vital network holds a large number of documents, including policy work and constituent case files. According to Stacey Witalec, a spokesperson for the Democrat caucus, computer services like email access, web hosting, databases and file storage for all 16 Democratic senators and their employees, as well as the individual websites of the 16 Democrats, have all been paralyzed by the attack. As such, regaining access is a high priority.

Whether this is achievable without paying the ransom chiefly comes down to how well the cyberattack was carried out. If the ransomware attack has been well executed with strong encryption, the senators may have to wave a white flag and pay the ransom.

However, at times novice hackers (who aren’t at the top of their game) simply copy and paste code they find online. If any mistake has been made, it could give cybersecurity experts the opportunity to break back into the system. For this reason, the FBI has been brought in to attempt to wrestle the system back off the cybercriminals in question.

Deadline or Delete

Sen. Daylin Leach, D-Montgomery, has claimed that the hackers gave a one-week deadline for the ransom to be paid. If the ransom isn’t received by Friday, the cybercriminals claim they will delete all the data from the Democrats’ system. The good news is that, according to Tom Wolf, the state network (which is separate from the Democrats’ network), has not been affected by the ransomware attack.

One reason that the Democrats aren’t particularly worried, is that their network is backed up regularly. As such, if the attacker does delete the system, the Democrats still have the data available on the servers where it is being backed up. Costa says that those backups are made nightly, so as soon as the FBI (which is working with Microsoft) manages to restore the system, all the data can be restored anyway, even if the hackers delete everything.

According to Costa, Microsoft and the FBI are also working together to search for the digital fingerprints that could lead them to the attackers. A forensic team will reveal what it knows in a few days. While it is not known whether the attack was political in nature (or simply an act of extortion), the latter seems far more probable.

Show Me the Money

The reason? Hackers who use malware tend to be financially motivated rather than politically motivated. The ransom is usually demanded in the digital currency bitcoin (which can be more easily laundered). Politically motivated hackers tend to steal data, with a view to releasing it to the public, rather than lock it up. As such, politically motivated penetrations tend to culminate in whistleblower-type outcomes, like the ones that struck the DNC during last year’s presidential elections.

What is slightly confusing, is that Sen. Daylin Leach has made a statement in which he says that the department can manage in the short term, but might have some problems longer term. This seems to stand in contrast to what is known about the case so far. If the data is backed up and recoverable, then surely the discomfort is in the short term, while the attack in ongoing and they are locked out of their systems?

However, it is possible that Leach meant that the department could hold off on doing vital work (for this week), but that if the system remained down for longer periods of time then the backlog might begin to have more serious ramifications. Costa has confirmed that the loss for the department has so far been minimal:

“There’s been an impact on the staff and operations, but not a hugely significant one.”

Though this, perhaps, says more about the amount of work that the 16 Democrats do on an average day than the attack itself.

Opinions are the writer’s own.

Title image credit: Mashka/Shutterstock.com

Image credit: Steve Heap/Shutterstock.com

Image credit: jijomathaidesigners/Shutterstock.com

Image credit: HN Works/Shutterstock.com

Like it? Share it!

I am a freelance journalist and blogger from England. I am highly interested in politics and in particular the subject of IR. I am an advocate for freedom of speech, equality, and personal privacy. On a more personal level I like to stay active, love snowboarding, swimming and cycling, enjoy seafood, and love to listen to trap music.